In a recent cybersecurity incident, Australian pathology clinic TissuPath has reported a significant data breach that may have exposed 10 years' worth of pathology referral letters.
According to national cybersecurity coordinator Darren Goldie, the Australian government has been notified of the data breach at TissuPath and is now conducting a probe for possible incidents affecting real estate firm Barry Plant and owners corporation management company Strata Plan, The Guardian reported.
Data Breach at Australian Pathology Clinic TissuPath
Responding to the breach, TissuPath has issued an apology to affected patients and initiated an investigation into the extent of the potential data exposure.
The compromised data reportedly includes scanned pathology request forms containing sensitive patient information, such as patient names, dates of birth, contact details, Medicare numbers, and private health insurance details.
However, TissuPath emphasized that the breach did not compromise its main database and reporting system for storing patient diagnoses. Furthermore, the clinic clarified that it does not store patients' financial details or other personal documents like driver's license numbers.
Read Also: US, Global Authorities Dismantle Qakbot Malware Platform Used in Financial Crimes
TissuPath Details the Data Breach
In a letter addressing the incident posted on the Urological Society of Australia and New Zealand (USANZ) website, TissuPath informed referring doctors about the data breach. The letter disclosed that an unauthorized party had stolen patient demographic data related to pathology referrals between 2011 and 2020.
The breach does not include patient diagnoses, credit card information, or driver's license details. TissuPath's primary systems, including the report database and the Doctor's Portal, were unaffected by the breach.
The accessed data comprises various patient details, including names, dates of birth, addresses, Medicare card numbers (if provided), private health insurance numbers (if provided), contact numbers (if provided), and information related to the referring doctors, such as their Medicare provider numbers, names, practice addresses, and contact numbers.
The unauthorized party behind the breach has reportedly threatened to publish the stolen data on the dark web after 1 p.m. on August 26 unless certain demands, which were undisclosed, were met.
The breach was initiated through illegal access obtained via a third-party IT service provider. In response, TissuPath said it has taken immediate measures to enhance the security of its systems.
Additionally, the clinic promptly reported the data breach to the Office of the Australian Information Commissioner and the Australian Cyber Security Centre. TissuPath is also in the process of notifying affected clients and patients.
Recognizing the potential concern and inconvenience this incident may cause to patients who were referred to TissuPath between 2011 and 2020, the clinic has committed to contacting affected individuals in cooperation with the Department of Home Affairs.
In their letter addressing the breach, TissuPath has expressed deep regret for the incident and reaffirmed their commitment to safeguarding patient data. The clinic assured clinicians and patients that it is taking all necessary steps to maintain a strong and secure data system.
"On behalf of TissuPath we apologise sincerely and deeply regret that this incident occurred. We take seriously our responsibility to safeguard our data and want to assure all our clinicians and patients that TissuPath is taking every reasonable step to maintain a strong and secure system. We will continue to take advice from the relevant authorities and wish to thank you for your understanding and support," the letter reads.
Related Article: Meta Exposes Massive Disinformation Operations Linked to China
